package com.sun.srs.tunneling.util.security;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.ArrayList;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:121231-01/SUNWsrsas/reloc/SUNWsrsas/lib/tunnel-client.jar:com/sun/srs/tunneling/util/security/CertsProcessor.class */
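/**
 * Builds JSSE {@link KeyManager} and {@link TrustManager} arrays from two PEM
 * files supplied as URLs: the customer certificate file
 * ({@link #CUSTOMER_PEM_FILE}) and the CA certificate file ({@link #CA_PEM_FILE}).
 *
 * <p>The customer file is parsed as: a first line containing
 * {@code Certificate:}, one {@code CERTIFICATE} block, then one
 * {@code RSA PRIVATE KEY} block carrying {@code Proc-Type: 4,ENCRYPTED} and
 * {@code DEK-Info: DES-EDE3-CBC,<iv>} headers. No other layout is accepted.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The private key is protected only by Triple-DES with a key derived
 *       from the passphrase by two MD5 invocations (see
 *       {@link #bytesToKeyMaterial}). That derivation has no work factor, so
 *       the file must be treated as sensitive and protected by file
 *       permissions; the passphrase alone is a weak barrier.</li>
 *   <li>Both URLs are probed in the constructor and opened again when they
 *       are parsed. Nothing in this class ties the two reads together, so the
 *       content parsed later is whatever the URL serves at that time.</li>
 *   <li>{@link #getKeyManagers} and {@link #getTrustManagers} are
 *       {@code synchronized}; the remaining methods are not.</li>
 * </ul>
 */
public class CertsProcessor {
    public static final String CUSTOMER_PEM_FILE = "CustomerCert.pem";
    public static final String CA_PEM_FILE = "SRSCACert.pem";
    private static final Logger log = Logger.getLogger("com.sun.srs.tunneling.util.CertsProcessor.class");

    /** Header that carries the cipher name and the hex-encoded IV of the encrypted key. */
    private static final String DEK_INFO_PREFIX = "DEK-Info: DES-EDE3-CBC,";
    /** Length in bytes of the DES-EDE3-CBC IV, which is also used as the key-derivation salt. */
    private static final int IV_LENGTH = 8;
    /** Length in bytes of a Triple-DES key. */
    private static final int DESEDE_KEY_LENGTH = 24;
    /** Length in bytes of an MD5 digest. */
    private static final int MD5_LENGTH = 16;

    /** True once the key manager factory has been built successfully from the customer PEM file. */
    protected boolean customerPEMProcessed;
    /** True once the CA PEM file has been parsed into {@link #caCertificates}. */
    protected boolean caPEMProcessed;
    /** True when the customer PEM URL could be opened at construction time. */
    protected boolean customerPEMFileFound;
    /** True when the CA PEM URL could be opened at construction time. */
    protected boolean caPEMFileFound;
    protected URL cPEMUrl;
    protected URL caPEMUrl;
    protected X509Certificate[] caCertificates;
    protected KeyManagerFactory kmf;

    /* loaded from: input_file:121231-01/SUNWsrsas/reloc/SUNWsrsas/lib/tunnel-client.jar:com/sun/srs/tunneling/util/security/CertsProcessor$CustomerCertParseResults.class */
    /**
     * Raw material extracted from the customer PEM file, before decryption.
     */
    public static class CustomerCertParseResults {
        /** Base64-decoded bytes of the customer certificate block. */
        public byte[] rawCertData;
        /** The 8 bytes from the DEK-Info header; used as both KDF salt and CBC IV. */
        public byte[] saltData;
        /** Base64-decoded, still encrypted, bytes of the RSA private key block. */
        public byte[] rawPrivateKeyData;

        /**
         * @param bArr  decoded certificate bytes
         * @param bArr2 the 8-byte DEK-Info value
         * @param bArr3 decoded (encrypted) private key bytes
         */
        public CustomerCertParseResults(byte[] bArr, byte[] bArr2, byte[] bArr3) {
            this.rawCertData = bArr;
            this.saltData = bArr2;
            this.rawPrivateKeyData = bArr3;
        }
    }

    /**
     * Records which of the two PEM URLs are reachable.
     *
     * @param url  location of the customer certificate PEM file, may be null
     * @param url2 location of the CA certificate PEM file, may be null
     * @throws IllegalArgumentException when neither URL can be opened
     * @throws IOException declared for compatibility; access failures are
     *         logged and recorded as "not found" rather than thrown
     */
    public CertsProcessor(URL url, URL url2) throws IOException {
        log.log(Level.FINEST, "In CertsProcessor(customerCertFile, caCertFile");
        // NOTE(review): this calls an overridable method from the constructor;
        // a subclass override runs before the subclass fields are initialised.
        checkForPEMFiles(url, url2);
    }

    /**
     * Probes both URLs by opening and immediately closing them, and sets the
     * "found" flags and URL fields accordingly. The "processed" flags are reset.
     *
     * @param url  customer certificate PEM location, may be null
     * @param url2 CA certificate PEM location, may be null
     * @throws IllegalArgumentException when neither URL can be opened
     * @throws IOException declared for compatibility with existing callers
     */
    protected void checkForPEMFiles(URL url, URL url2) throws IOException {
        log.log(Level.FINEST, "In checkForPEMFiles");
        this.customerPEMProcessed = false;
        this.caPEMProcessed = false;
        this.customerPEMFileFound = false;
        this.caPEMFileFound = false;
        log.log(Level.FINE, "customerCertPEMFile: " + url);
        log.log(Level.FINE, "caCertPEMFile: " + url2);
        if (url != null && canOpen(url, "customerCertPEMFile")) {
            this.cPEMUrl = url;
            this.customerPEMFileFound = true;
        }
        if (url2 != null && canOpen(url2, "caCertPEMFile")) {
            this.caPEMUrl = url2;
            this.caPEMFileFound = true;
        }
        if (this.customerPEMFileFound || this.caPEMFileFound) {
            return;
        }
        IllegalArgumentException illegalArgumentException = new IllegalArgumentException("Neither CustomerCert.pem nor SRSCACert.pem were found. At least one is required.");
        log.log(Level.SEVERE, "FATAL", (Throwable) illegalArgumentException);
        throw illegalArgumentException;
    }

    /** Returns true when the URL can be opened and closed; failures are logged at WARNING. */
    private static boolean canOpen(URL location, String label) {
        log.log(Level.FINE, label + ": " + location);
        try {
            InputStream probe = location.openStream();
            if (probe != null) {
                probe.close();
            }
            return true;
        } catch (Exception e) {
            log.log(Level.WARNING, "Unable to access " + label + ": " + location + " " + e.getMessage(), (Throwable) e);
            return false;
        }
    }

    /**
     * Derives a 24-byte Triple-DES key from a passphrase and an 8-byte salt.
     *
     * <p>The computation is {@code D1 = MD5(pass || salt)},
     * {@code D2 = MD5(D1 || pass || salt)}, {@code key = D1 || D2[0..8)}.
     * This matches the single-iteration MD5 derivation used by the legacy
     * encrypted PEM key format; it is kept only to read such files. It has no
     * iteration count, so it offers very little resistance to passphrase
     * guessing and must not be reused for new designs.
     *
     * @param bArr  passphrase bytes
     * @param bArr2 salt bytes
     * @return 24 bytes of key material
     * @throws NoSuchAlgorithmException when no MD5 provider is available
     */
    protected byte[] bytesToKeyMaterial(byte[] bArr, byte[] bArr2) throws NoSuchAlgorithmException {
        log.log(Level.FINEST, "In bytesToKeyMaterial");
        byte[] keyMaterial = new byte[DESEDE_KEY_LENGTH];
        MessageDigest md5 = MessageDigest.getInstance("MD5");

        // Round 1: MD5(pass || salt) supplies the first 16 key bytes.
        md5.update(bArr);
        md5.update(bArr2);
        byte[] firstRound = md5.digest();
        System.arraycopy(firstRound, 0, keyMaterial, 0, MD5_LENGTH);

        // Round 2: MD5(D1 || pass || salt) supplies the remaining 8 key bytes.
        md5.update(firstRound);
        md5.update(bArr);
        md5.update(bArr2);
        System.arraycopy(md5.digest(), 0, keyMaterial, MD5_LENGTH, DESEDE_KEY_LENGTH - MD5_LENGTH);
        return keyMaterial;
    }

    /**
     * Decrypts the private key block with DESede/CBC/PKCS5Padding.
     *
     * @param str   passphrase; converted with the platform default charset, so
     *              a non-ASCII passphrase may derive a different key on a
     *              platform with a different default encoding
     * @param bArr  the 8-byte DEK-Info value, used as KDF salt and as CBC IV
     * @param bArr2 encrypted private key bytes
     * @return the decrypted key bytes
     * @throws BadPaddingException typically the result of a wrong passphrase
     */
    protected byte[] decryptPrivateKeyData(String str, byte[] bArr, byte[] bArr2) throws BadPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException {
        log.log(Level.FINEST, "In decryptPrivateKeyData");
        byte[] keyMaterial = bytesToKeyMaterial(str.getBytes(), bArr);
        Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");
        cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(keyMaterial, "DESede"), new IvParameterSpec(bArr));
        return cipher.doFinal(bArr2);
    }

    /**
     * Parses decrypted key bytes into an RSA CRT key specification.
     *
     * @param bArr decrypted private key bytes, handed to {@code ASN1_RSAPrivateKeyParser}
     * @return the key specification built from the parsed components
     * @throws ASN1ParseException when the parser rejects the input
     */
    protected RSAPrivateCrtKeySpec createKeySpec(byte[] bArr) throws ASN1ParseException {
        log.log(Level.FINEST, "In createKeySpec");
        ASN1_RSAPrivateKeyParser parsed = new ASN1_RSAPrivateKeyParser(bArr);
        return new RSAPrivateCrtKeySpec(
                parsed.getModulus(),
                parsed.getPublicExponent(),
                parsed.getPrivateExponent(),
                parsed.getPrime1(),
                parsed.getPrime2(),
                parsed.getExponent1(),
                parsed.getExponent2(),
                parsed.getCoefficients());
    }

    /**
     * Reads every certificate from the CA PEM file until the first read or
     * parse failure, which also covers the normal end of the file.
     *
     * <p>A certificate that fails to parse stops the scan, so certificates
     * after it in the file are not loaded. The trust set can only shrink as a
     * result, and the event is logged at WARNING.
     *
     * @return the certificates read, never empty
     * @throws IOException when the file cannot be opened or yields no certificate
     */
    protected X509Certificate[] processCAPEMFile() throws IOException {
        log.log(Level.FINEST, "In processCAPEMFile");
        ArrayList certificates = new ArrayList();
        BufferedReader reader = new BufferedReader(new InputStreamReader(this.caPEMUrl.openStream()));
        try {
            boolean finished = false;
            while (!finished) {
                try {
                    certificates.add(readNextCACert(reader));
                } catch (CertificateException e) {
                    finished = true;
                    log.log(Level.WARNING, "A certificate in " + this.caPEMUrl + " could not be parsed; later entries are ignored", (Throwable) e);
                } catch (Exception e) {
                    // Also reached at the normal end of the file, hence FINE only.
                    finished = true;
                    log.log(Level.FINE, "Stopped reading CA certificates from " + this.caPEMUrl, (Throwable) e);
                }
            }
        } finally {
            // The stream was previously left open on every path.
            reader.close();
        }
        if (certificates.size() == 0) {
            throw new IOException("SRSCACert.pem not of correct format");
        }
        return (X509Certificate[]) certificates.toArray(new X509Certificate[certificates.size()]);
    }

    /**
     * Reads the next CERTIFICATE block from the reader and parses it.
     *
     * @throws CertificateException when the block is not a valid X.509 certificate
     * @throws IOException when no complete, non-empty block remains
     */
    private X509Certificate readNextCACert(BufferedReader bufferedReader) throws CertificateException, IOException {
        log.log(Level.FINEST, "In readCert");
        if (!skipToLineStartingWith(bufferedReader, "-----BEGIN CERTIFICATE")) {
            log.log(Level.FINE, "-----BEGIN CERTIFICATE never found");
        } else {
            String encoded = readBodyUntil(bufferedReader, "-----END CERTIFICATE");
            if (encoded == null) {
                log.log(Level.FINE, "-----END CERTIFICATE never found");
            } else if (encoded.length() == 0) {
                log.log(Level.FINE, "No certificate data found");
            } else {
                return (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(Base64.decode(encoded)));
            }
        }
        throw new IOException("SRSCACert.pem not of correct format");
    }

    /** Consumes lines up to and including the first one starting with {@code marker}; false at end of input. */
    private static boolean skipToLineStartingWith(BufferedReader reader, String marker) throws IOException {
        for (String line = reader.readLine(); line != null; line = reader.readLine()) {
            if (line.startsWith(marker)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Concatenates trimmed lines until one starts with {@code endMarker}.
     *
     * @return the concatenated text (possibly empty), or null when the input
     *         ended before the end marker was seen
     */
    private static String readBodyUntil(BufferedReader reader, String endMarker) throws IOException {
        StringBuffer body = new StringBuffer();
        for (String line = reader.readLine(); line != null; line = reader.readLine()) {
            if (line.startsWith(endMarker)) {
                return body.toString();
            }
            body.append(line.trim());
        }
        return null;
    }

    /** Decodes the first 16 hex digits of {@code hex} into 8 bytes, or returns null when they are missing or not hex. */
    private static byte[] parseIv(String hex) {
        String digits = hex.trim();
        if (digits.length() < IV_LENGTH * 2) {
            return null;
        }
        byte[] iv = new byte[IV_LENGTH];
        for (int i = 0; i < IV_LENGTH; i++) {
            int high = Character.digit(digits.charAt(i * 2), 16);
            int low = Character.digit(digits.charAt((i * 2) + 1), 16);
            if (high < 0 || low < 0) {
                return null;
            }
            iv[i] = (byte) ((high << 4) | low);
        }
        return iv;
    }

    /** Logs the reason at SEVERE and returns the exception reported for any malformed customer file. */
    private static IOException malformedCustomerPem(String reason) {
        log.log(Level.SEVERE, reason);
        return new IOException("CustomerCert.pem not of correct format");
    }

    /**
     * Parses the customer PEM file into its certificate bytes, DEK-Info value
     * and encrypted private key bytes. Nothing is decrypted here.
     *
     * <p>The stream is closed on every path. A DEK-Info value that is not 16
     * hex digits is reported as a malformed file instead of escaping as an
     * unchecked exception.
     *
     * @return the raw parse results
     * @throws IOException when the file cannot be read or does not have the expected layout
     * @throws CertificateException declared for compatibility with existing callers
     */
    protected CustomerCertParseResults processCustomerCertPEMFile() throws CertificateException, IOException {
        log.log(Level.FINEST, "In processCustomerCertPEMFile");
        InputStreamReader inputStreamReader = new InputStreamReader(this.cPEMUrl.openStream());
        try {
            BufferedReader reader = new BufferedReader(inputStreamReader);

            String firstLine = reader.readLine();
            if (firstLine == null || firstLine.indexOf("Certificate:") == -1) {
                throw malformedCustomerPem("line null or not Certificate");
            }
            if (!skipToLineStartingWith(reader, "-----BEGIN CERTIFICATE")) {
                throw malformedCustomerPem("-----BEGIN CERTIFICATE never found");
            }
            String encodedCert = readBodyUntil(reader, "-----END CERTIFICATE");
            if (encodedCert == null) {
                throw malformedCustomerPem("-----END CERTIFICATE never found");
            }
            if (encodedCert.length() == 0) {
                throw malformedCustomerPem("No certificate data found");
            }
            byte[] rawCert = Base64.decode(encodedCert);

            if (!skipToLineStartingWith(reader, "-----BEGIN RSA PRIVATE KEY")) {
                throw malformedCustomerPem("-----BEGIN RSA PRIVATE KEY never found");
            }
            String procType = reader.readLine();
            if (procType == null || procType.indexOf("Proc-Type: 4,ENCRYPTED") == -1) {
                throw malformedCustomerPem("line null or not Proc-Type");
            }
            String dekInfo = reader.readLine();
            if (dekInfo == null) {
                throw malformedCustomerPem("line null");
            }
            int prefixAt = dekInfo.indexOf(DEK_INFO_PREFIX);
            if (prefixAt == -1) {
                throw malformedCustomerPem("line not DEK-Info");
            }
            // Start after the prefix wherever it was found, not at a fixed offset.
            byte[] iv = parseIv(dekInfo.substring(prefixAt + DEK_INFO_PREFIX.length()));
            if (iv == null) {
                throw malformedCustomerPem("DEK-Info IV is not 16 hex digits");
            }

            // One line separates the headers from the base64 body; skip it.
            reader.readLine();
            String encodedKey = readBodyUntil(reader, "-----END RSA PRIVATE KEY");
            if (encodedKey == null) {
                throw malformedCustomerPem("-----END RSA PRIVATE KEY never found");
            }
            if (encodedKey.length() == 0) {
                throw malformedCustomerPem("No private key data found");
            }
            return new CustomerCertParseResults(rawCert, iv, Base64.decode(encodedKey));
        } finally {
            inputStreamReader.close();
        }
    }

    /**
     * Returns key managers that present the customer certificate and the CA
     * certificate that signed it.
     *
     * <p>The key manager factory is built on the first successful call and
     * cached; later calls return managers from the cached factory and do not
     * use {@code str}. The "processed" flag is set only after the factory has
     * been initialised, so a failed attempt (for example a wrong passphrase)
     * can be retried instead of failing on the unset factory.
     *
     * @param str passphrase protecting the private key in the customer PEM file
     * @return the key managers
     * @throws CertsProcessorException when either PEM file was not found, the
     *         issuer is not among the CA certificates, or any step fails
     */
    public synchronized KeyManager[] getKeyManagers(String str) throws CertsProcessorException {
        log.log(Level.FINEST, "In getKeyManagers");
        if (!this.customerPEMFileFound || !this.caPEMFileFound) {
            CertsProcessorException certsProcessorException = new CertsProcessorException("Customer or CA PEM file not found");
            log.log(Level.SEVERE, "FATAL", (Throwable) certsProcessorException);
            throw certsProcessorException;
        }
        try {
            if (!this.customerPEMProcessed) {
                if (!this.caPEMProcessed) {
                    this.caCertificates = processCAPEMFile();
                    this.caPEMProcessed = true;
                }
                CustomerCertParseResults parsed = processCustomerCertPEMFile();
                X509Certificate customerCert = (X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(parsed.rawCertData));
                X509Certificate issuer = findIssuer(this.caCertificates, customerCert);
                if (issuer == null) {
                    String message = "Unable to find the issuer (CA) of the " + " customer certificate: " + this.cPEMUrl + " amongst the  " + " CA certificates in: " + this.caPEMUrl;
                    CertsProcessorException certsProcessorException2 = new CertsProcessorException(message);
                    log.log(Level.SEVERE, message, (Throwable) certsProcessorException2);
                    throw certsProcessorException2;
                }
                PrivateKey privateKey = KeyFactory.getInstance("RSA").generatePrivate(createKeySpec(decryptPrivateKeyData(str, parsed.saltData, parsed.rawPrivateKeyData)));
                Certificate[] chain = {customerCert, issuer};
                // The key store is created empty in memory and is not written out
                // in this method, so the fixed entry password guards nothing on disk.
                KeyStore keyStore = KeyStore.getInstance("JKS");
                keyStore.load(null, null);
                keyStore.setCertificateEntry("nileca", issuer);
                char[] entryPassword = "customer".toCharArray();
                keyStore.setKeyEntry("customerkey", privateKey, entryPassword, chain);
                KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509");
                factory.init(keyStore, entryPassword);
                // Publish the factory and the flag together, only after success.
                this.kmf = factory;
                this.customerPEMProcessed = true;
            }
            return this.kmf.getKeyManagers();
        } catch (Exception e) {
            CertsProcessorException certsProcessorException3 = new CertsProcessorException(e);
            log.log(Level.SEVERE, "FATAL: Unexpected exception occured  retrieving Key Managers", (Throwable) certsProcessorException3);
            throw certsProcessorException3;
        }
    }

    /**
     * Returns the first CA certificate whose public key verifies the signature
     * on the given certificate, or null when none does.
     *
     * <p>Only the signature is checked here: validity dates, name chaining and
     * CA constraints are not examined by this method.
     */
    private X509Certificate findIssuer(X509Certificate[] x509CertificateArr, X509Certificate x509Certificate) {
        log.log(Level.FINEST, "In whoSigned");
        for (int i = 0; i < x509CertificateArr.length; i++) {
            X509Certificate candidate = x509CertificateArr[i];
            try {
                x509Certificate.verify(candidate.getPublicKey());
                return candidate;
            } catch (Exception ignored) {
                // Verification failure just means this candidate is not the issuer.
            }
        }
        log.log(Level.WARNING, "None of the given CA Certificates issued the given Customer Certificate.");
        return null;
    }

    /**
     * Returns trust managers that trust exactly the certificates read from the
     * CA PEM file, using the platform default trust manager algorithm.
     *
     * @return the trust managers
     * @throws CertsProcessorException when the CA PEM file was not found or any step fails
     */
    public synchronized TrustManager[] getTrustManagers() throws CertsProcessorException {
        log.log(Level.FINEST, "In getTrustManagers");
        if (!this.caPEMFileFound) {
            CertsProcessorException certsProcessorException = new CertsProcessorException("Required CA PEM file not found");
            log.log(Level.SEVERE, "FATAL", (Throwable) certsProcessorException);
            throw certsProcessorException;
        }
        try {
            if (!this.caPEMProcessed) {
                this.caCertificates = processCAPEMFile();
                this.caPEMProcessed = true;
            }
            // In-memory store holding only the CA certificates from the PEM file.
            KeyStore trustStore = KeyStore.getInstance("JKS");
            trustStore.load(null, null);
            for (int i = 0; i < this.caCertificates.length; i++) {
                trustStore.setCertificateEntry("cakey" + i, this.caCertificates[i]);
            }
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(trustStore);
            return trustManagerFactory.getTrustManagers();
        } catch (Exception e) {
            CertsProcessorException certsProcessorException2 = new CertsProcessorException(e);
            log.log(Level.SEVERE, "FATAL: Unexpected exception occured  retrieving Trust Managers", (Throwable) certsProcessorException2);
            throw certsProcessorException2;
        }
    }
}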
